CVE-2024-0676

Опубликовано: 30 янв. 2024

Источник: nvd

CVSS3: 5.6

CVSS3: 7.1

EPSS Низкий

Описание

Weak password requirement vulnerability

in Lamassu Bitcoin ATM Douro machines, in its 7.1 version

, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lamassu:douro_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:lamassu:douro_ii_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:h:lamassu:douro_ii:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00029

Низкий

5.6 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-521

Связанные уязвимости

GHSA-597m-g6ch-mrf9

CVSS3: 5.6

github

около 2 лет назад

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.

EPSS

Процентиль: 8%

0.00029

Низкий

5.6 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-521